Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f18a8328 authored by nagendra modadugu's avatar nagendra modadugu Committed by Garret Kelly
Browse files

keymaster: Relax testing under GSI 

GSI images do not have AVB verification enabled and therefore lack
several properties the keymaster HAL test depended on.  Selectively
disable those parts of the test that would fail with AVB verification
disabled.  Also disable date format checks under GSI.  When invoked from
GSI the TEE-backed keymaster doesn't use the correct date format.

Bug: 130843899
Test: VtsHalKeymasterV4_0TargetTest
Exempt-From-Owner-Approval: change only affects VTS-on-GSI behavior
Change-Id: Idaafb7b515c41290c766a8132f35d498ca15f48a
parent 33723f56

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+45 −32
Original line number Diff line number Diff line
@@ -309,6 +309,11 @@ std::string make_string(const uint8_t (&a)[N]) { 
    return make_string(a, N);

}



bool avb_verification_enabled() {

    char value[PROPERTY_VALUE_MAX];

    return property_get("ro.boot.vbmeta.device_state", value, "") != 0;

}



}  // namespace



bool verify_attestation_record(const string& challenge, const string& app_id,
@@ -359,11 +364,16 @@ bool verify_attestation_record(const string& challenge, const string& app_id, 
    EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));



    char property_value[PROPERTY_VALUE_MAX] = {};

    // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed

    // keymaster implementation will report YYYYMM dates instead of YYYYMMDD

    // for the BOOT_PATCH_LEVEL.

    if (avb_verification_enabled()) {

        for (int i = 0; i < att_hw_enforced.size(); i++) {

            if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||

                att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {

                std::string date = std::to_string(att_hw_enforced[i].f.integer);

            // strptime seems to require delimiters, but the tag value will be YYYYMMDD

                // strptime seems to require delimiters, but the tag value will

                // be YYYYMMDD

                date.insert(6, "-");

                date.insert(4, "-");

                EXPECT_EQ(date.size(), 10);
@@ -381,6 +391,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, 
                EXPECT_LT(time.tm_year, 200);

            }

        }

    }



    // Check to make sure boolean values are properly encoded. Presence of a boolean tag indicates

    // true. A provided boolean tag that can be pulled back out of the certificate indicates correct
@@ -410,6 +421,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, 
                                &verified_boot_state, &device_locked, &verified_boot_hash);

    EXPECT_EQ(ErrorCode::OK, error);



    if (avb_verification_enabled()) {

        property_get("ro.boot.vbmeta.digest", property_value, "nogood");

        EXPECT_NE(strcmp(property_value, "nogood"), 0);

        string prop_string(property_value);
@@ -417,12 +429,13 @@ bool verify_attestation_record(const string& challenge, const string& app_id, 
        EXPECT_EQ(prop_string, bin2hex(verified_boot_hash));



        property_get("ro.boot.vbmeta.device_state", property_value, "nogood");

    EXPECT_NE(property_value, "nogood");

        EXPECT_NE(strcmp(property_value, "nogood"), 0);

        if (!strcmp(property_value, "unlocked")) {

            EXPECT_FALSE(device_locked);

        } else {

            EXPECT_TRUE(device_locked);

        }

    }



    // Verified boot key should be all 0's if the boot state is not verified or self signed

    std::string empty_boot_key(32, '\0');